Hi all!
When I use an x509 certificate to connect two networks, because I have set
a password for the private key, I added the line
: RSA /etc/ipsec.d/private/right.key passwd to the /etc/ipsec.secrets file.
After that, I restarted the ipsec service and checked the ipsec status by
This is certainly a configuration issue with S/WAN. I've never even
heard of this.
-Kyle H
On Tue, Mar 31, 2009 at 11:50 PM, shawnlau net17shawn...@gmail.com wrote:
Hi all!
When I use an x509 certificate to connect two networks, because I have set
a password for the private key, I added
Hi!
I have the problem, that I get a pair of 12 bytes and 396 bytes memory leak
for every connection even if they are closed successfully.
They look like this:
{57741} normal block at 0x035EB310, 12 bytes long.
Data: @ n 3 40 16 6E 03 00 00 00 00 F0 33 01 00
{57740} normal block at
I finally managed to get the same result with RSA_sign as with CryptSignHash.
The problem was I used the wrong algorithm, nid_SHA1WithRSA instead of
nid_SHA1. When I sign an XML using this signature it also validates.
Thanks to everyone for explaining everything to me and helping me with the
stupid
Hello,
Is there any reason why one needs to protect CSR (e.g. encrypting it)
from public view? I was under the impression that it is the key that needs
to be protected not the CSR?
Thank you,
Farid
__
OpenSSL Project
The private key is what needs to be protected. The CSR contains
information that you may consider proprietary, but the only *really*
important piece of it is the public key, which is going to be in the
issued certificate anyway.
-Kyle H
On Tue, Mar 31, 2009 at 1:15 PM, fhd...@unm.edu wrote:
If SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE are returned, the
arguments *must* be *exactly* the same. This includes the data
pointed to by the buffer. There is a way to set a mode on the SSL
connection to allow a moving buffer, but that's it. SSL will not
buffer the data passed to it.
If
Hi All!
I have some doubts regarding SSL_write in non-blocking mode.
1. If SSL_write returned SSL_ERROR_WANT_WRITE, it is mentioned that the
call has to be repeated with the same arguments.
Does this mean the same buffer is to be used again? Or the data
passed in the initial SSL_write
Thank you! But how do I deal with this problem? The configuration follows the
openswan.pdf handbook. My private key is password protected. When this
error occurred, the ipsec auto --listall command showed output like below:
Apr 01 15:53:23 2009, 1024 RSA Key AwEAAdOVn (has private key), until Mar
This is not an openswan support list. I have no idea, and unless one
of the other lurkers here has knowledge of openswan, you're most
likely not going to be able to find an answer here. :/
-Kyle H
On Wed, Apr 1, 2009 at 1:34 AM, shawnlau net17shawn...@gmail.com wrote:
Thank you! But how to
I'm looking to migrate AES encryption code from BSAFE to OpenSSL. As a test,
I encrypted a string using BSAFE AES and tried to decrypt it using the AES of
OpenSSL. OpenSSL manages to decrypt, but it adds some junk (mostly
unprintable characters) at the end. For example, if my input is 1234, the
I'm so sorry about that! I made a big mistake about the mailing-list! So sorry
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Kyle Hamilton
Sent: April 1, 2009 16:52
To: openssl-users@openssl.org
Subject: Re: Reply: Checking for RSA private key
On Wed, Apr 01, 2009, m r wrote:
I'm looking to migrate AES encryption code from BSAFE to OpenSSL. As a test,
I encrypted a string using BSAFE AES and tried to decrypt it using the AES of
OpenSSL. OpenSSL manages to decrypt, but it adds some junk (mostly
unprintable characters) at the end. For
The 'junk' on the end is PKCS padding. Since AES is a block cipher,
it needs to operate on multiples of the block size (16 bytes, or 128
bits). PKCS padding specifies that the final set of bytes are each
set to the number of bytes of padding -- in the 0c case, that's 12
bytes of padding;
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
OpenSSL version 1.0.0 Beta 1
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/
OpenSSL is currently in a release cycle. The first beta is now released.
The beta release is available for
Thanks very much! I am a newbie at using openssl!
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Kyle Hamilton
Sent: March 30, 2009 15:37
To: openssl-users@openssl.org
Subject: Re: How to make X.509v3 digital certificate?
Oh man, newbie question, which
Thank you,
after modifying crypto/pkcs7/pk7_smime.c (calling EVP_sha256 instead of
EVP_sha1 in PKCS7_sign()), the signature really contains a digest by sha256 and
verification of this signature is successful. Great.
It is the simplest way to still use openssl by command line only.
Thank you,
after modifying crypto/pkcs7/pk7_smime.c (calling EVP_sha256 instead of
EVP_sha1 in PKCS7_sign()), the signature really contains a digest by sha256 and
verification of this signature is successful. Great.
It is the simplest way to still use openssl by command line only.
OpenSSL wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
OpenSSL version 1.0.0 Beta 1
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/
OpenSSL is currently in a release cycle. The first beta is now released.
The beta release
I will simply remind you of the following piece of the (signed) announcement:
Oh and to those who have noticed the date... the joke is that it
isn't a joke.
-Kyle H
Thanks for your help. I appreciate the prompt response.
On Wed, Apr 1, 2009 at 3:27 PM, Dr. Stephen Henson st...@openssl.org wrote:
On Wed, Apr 01, 2009, m r wrote:
I'm looking to migrate AES encryption code from BSAFE to OpenSSL. As a
test,
I encrypted a string using BSAFE AES and tried to
Kyle Hamilton wrote:
I will simply remind you of the following piece of the (signed) announcement:
Oh and to those who have noticed the date... the joke is that it
isn't a joke.
-Kyle H
Doesn't matter if it is signed (I noticed that, BTW). April 1st is all
about looking as legit as
Hi,
I looked through the archives and didn't find a similar message.
Issue: ssl_connect() now fails with error to same server when
changing to 0.9.8j (or 0.9.8k) from any previous version.
Server: Tomcat v6018, using self-signed, also tried with VeriSign-signed
Fail message test message decoded
On Wed, Apr 01, 2009, Mark Laubach wrote:
Hi,
I looked through the archives and didn't find a similar message.
Issue: ssl_connect() now fails with error to same server when
changing to 0.9.8j (or 0.9.8k) from any previous version.
Server: Tomcat v6018, using self-signed, also tried with
Are there any hard and fast rules regarding which openssl functions allocate
memory which they expect the caller to then manage and which ones just return a
pointer to an existing structure?
I'm thinking about things like X509_get_issuer_name, X509_get_subject_name
(which, I think, return
On Wed, Apr 01, 2009, Rene Hollan wrote:
Are there any hard and fast rules regarding which openssl functions allocate
memory which they expect the caller to then manage and which ones just return
a pointer to an existing structure?
I'm thinking about things like X509_get_issuer_name,
On Wednesday 01 April 2009 09:05:05 Thomas J. Hruska wrote:
The problem is that I was under the distinct impression 0.9.9 was the
next release and 1.0.0 was a pipe dream a few years down the road (at
least).
The choice of a 1.0 release is to clearly mark the fact that openssl is
shifting to a
This is an April Fools' joke, right?
-Original Message-
From: owner-openssl-us...@openssl.org on behalf of Geoff Thorpe
Sent: Wed 4/1/2009 12:11 PM
To: openssl-users@openssl.org
Subject: Re: OpenSSL 1.0.0 beta 1 released
On Wednesday 01 April 2009 09:05:05 Thomas J. Hruska wrote:
The
I have generated a certificate programmatically using _tfopen and
PEM_write_X509 in order to support unicode for certificate file names.
How can I load a certificate in this case? SSL_CTX_use_certificate_file
doesn't work in my case.
Thanks in advance.
On Wed, Apr 01, 2009, AnneB wrote:
I have generated a certificate programmatically using _tfopen and
PEM_write_X509 in order to support unicode for certificate file names.
How can I load a certificate in this case? SSL_CTX_use_certificate_file
doesn't work in my case.
You can read the
Hi All!
I have some doubts regarding SSL_write in non-blocking mode.
1. If SSL_write returned SSL_ERROR_WANT_WRITE, it is mentioned that the
call has to be repeated with the same arguments.
Does this mean the same buffer is to be used again? Or the data
passed in the initial